ITS

Information Technology Services
Information Technology Services

ATP for SharePoint Online, OneDrive for Business, and Microsoft Teams

Overview

Office 365 ATP for SharePoint Online, OneDrive for Business, and Microsoft Teams allows users to collaborate in a safe manner by detecting and blocking files that are identified as malicious in document libraries and sites.

How it works

When ATP detects a malicious file in SharePoint Online, OneDrive for Business or Microsoft Teams, it locks the file and blocks users from opening, downloading or sharing it.

info icon

Note: Office 365 ATP for SharePoint Online, OneDrive for Business, and Microsoft Teams does not scan every file stored.  Instead, ATP scans files asynchronously as users share files using "smart heuristics" and intelligence about potential threats.

How to know if a file has been identified as malicious

A file that has been identified as malicious and blocked will have a visual indicator appear beside the file name (applies to modern experience only, visual indicators will not display in classic view), in-application notifications will appear, and/or users will be blocked from opening the file. 

The following images show examples of the visual indicator and notifications for a malicious file detected in a library.

Screen capture of blocked file indicator in library with notification displayed: To protect your PC and other files, we've removed Open, Share, and other commands.  Contact your admin for options"

If a user attempts to open a blocked file they will be directed to a page similar to the following image.

Screen capture of blocked file upon opening with message displayed: To protect your PC and other files, we've removed Open, Share, and other commands.  Contact your admin for options"

What to do when a malicious file is found

If a malicious file has been detected and blocked, the recommended action is to delete the file.  If you think that a file has been incorrectly identified as malicious (false positive), please report to the IT Support Centre before deleting the file.

Learn more

To learn more about the user experience when a file has been detected as malicious, refer to Microsoft's article: What to do when a malicious file is found in SharePoint Online, OneDrive, or Microsoft Teams.

Last Updated: June 11, 2019